ATCorp Releases “Mac Marshal™,” for Forensic Investigations of Mac OS X

February 10, 2009, Ithaca, NY. Motivated by the continual increase in the number of Macs encountered in computer crime labs and the lack of Mac-specific expertise and tools, ATCorp released the Mac Marshal tool suite on January 30, 2009. Mac Marshal automatically gathers application and operating system usage information from Mac OS X disk images and presents it in a straightforward format for examination by an investigator. It also detects dual-boot and virtual machine configurations, common in Intel-based Macintosh computers, allowing investigators to use their tools of choice on extracted non-Mac OS partitions.

ATC-NY, a wholly-owned subsidiary of Architecture Technology Corporation, developed Mac Marshal with the support of a grant from the U.S. National Institute of Justice (NIJ). Working with partners in law enforcement, ATC-NY designed Mac Marshal to follow forensic best practices and maintain a detailed log file of all activities it performs. It produces reports in RTF, PDF, and HTML formats, and runs on Mac OS X-based analysis machines.

The tool is available free of charge to U.S. law enforcement personnel. For more information, visit www.macmarshal.com.